What is CVE-2014-0016?

CVE-2014-0016 is a vulnerability in Stunnel, classified under CWE-332. Published 2014-03-24.

Is CVE-2014-0016 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Stunnel

CVE-2014-0016

stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remo…

EPSS: 0.003 (54.7th percentile) — read the EPSS interpretation.

Affected products

Stunnel — versions 0.1, 1.0, 1.1
N/a — versions n/a

Weakness classification (CWE)

CWE-332

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_CONFIRM, Release Notes, Vendor Advisory)
secalert@redhat.com (Patch, x_refsource_MISC)
[oss-security] 20140305 libssh and stunnel PRNG flaws (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, VDB Entry, Third Party Advisory, Issue Tracking)
65964 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2014-0016?: CVE-2014-0016 is a vulnerability in Stunnel, classified under CWE-332. Published 2014-03-24.
Is CVE-2014-0016 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.